path: root/src
Commit message [Author, Age, Files, Lines]
* process-util: refuse FORK_DETACH + FORK_DEATHSIG_* [Mike Yuan, 2024-11-14, files: 1, lines: -2/+2]
|   There's no synchronization between the intermediate process and the double-forked child, and the semantics are not useful. Refuse such combination.
* async: block SIGTERM in asynchronous_rm_rf() [Mike Yuan, 2024-11-14, files: 1, lines: -0/+4]
|   See justifications at https://github.com/systemd/systemd/pull/32235#issuecomment-2062327783
* network/netdev: follow-ups for reloading .netdev files (#34979) [Luca Boccassi, 2024-11-14, files: 18, lines: -115/+240]
|\
| |   Follow-ups for #34909.
| * network/tuntap: manage tun/tap fds by manager [Yu Watanabe, 2024-11-14, files: 2, lines: -63/+71]
| |   Otherwise, when a .netdev file for tun or tap netdev is updated, reloading the file leaks the previous file descriptor.
| * network/bond: do not update several parameters if already up or has slaves [Yu Watanabe, 2024-11-14, files: 1, lines: -8/+21]
| |   Some bonding parameters cannot be updated when the netdev is already up or already has at least one slave interface.
| * network/netdev: do not try to update if not supported [Yu Watanabe, 2024-11-14, files: 9, lines: -1/+32]
| |   Some netdevs cannot update their properties after being created. Let's skip requests in that case.
| * network/netdev: fix counter handling if request is cancelled [Yu Watanabe, 2024-11-14, files: 1, lines: -1/+13]
| |   Follow-up for 1003093604661bd984574889167f2ff4dfd6209c. If a netdev is detached for some reasons, then previously the request was simply cancelled, and the underlying interface never entered the configured state, as the 'stacked_netdevs_created' flag was never set. This makes the counter decremented manually by the function, and set the flag. So, the underlying interface can enter the configured state.
| * network/netdev: always queue request of creating netdev then process it later [Yu Watanabe, 2024-11-14, files: 1, lines: -14/+2]
| |   After PR #34909, networkd tries to update an existing netdev interface if possible. But, when .netdev files are loaded on start, we have not enumerated interfaces, so we do not know if the corresponding interface exists or not. Let's delay processing request a bit.
| * network/netdev: enter ready state only when it is created by us [Yu Watanabe, 2024-11-14, files: 1, lines: -18/+19]
| |   Follow-up for PR #34909. This fixes an issue that network interfaces cannot join a master netdev, like bond or bridge, when the corresponding .netdev is reloaded. With PR #34909, networkd supports reloading .netdev files. However, when a .netdev file is modified and reloaded, ifindex is copied from the old NetDev object to the new one. Thus, even if the interface is successfully updated, netdev_set_ifindex_impl() will return 0 and netdev_enter_ready() will never be called. If the netdev is a kind of master netdev, then port interfaces cannot join the master netdev, as REQUEST_TYPE_SET_LINK_MASTER requires that the master netdev is in the ready state.
| * network/netdev: do not update MAC address if netdev is already running [Yu Watanabe, 2024-11-14, files: 8, lines: -7/+74]
| |   Follow-up for 17c5337f7b2993619d84acc2088b2ba1789e6477. Older kernels (older than v6.5) refuse RTM_NEWLINK messages with IFLA_ADDRESS attribute when the netdev already exists and is running, even if the MAC address is unchanged. So, let's not set IFLA_ADDRESS or IFLA_MTU if they are unchanged, and set the attributes only when we can update them.
| * network/netdev: set interface name only when creating a new netdev [Yu Watanabe, 2024-11-14, files: 1, lines: -3/+8]
| |   Otherwise, the kernel older than v6.2 will refuse the netlink message.
* | boot/stub: allocate pages for combined initrds below 4GiB only on x86 (#35149) [andre4ik3, 2024-11-14, files: 3, lines: -10/+19]
| |   Outside of x86, some machines (e.g. Apple silicon, AMD Opteron A1100) have physical memory mapped above 4GiB, meaning this allocation will fail, causing the entire boot process to fail on these machines. This commit makes it so that the below-4GB address space allocation requirement is only set on x86 platforms, and not on other platforms (that don't have the specific Linux x86 boot protocol), thereby fixing boot on those that have no memory mapped below 4GiB in their address space. Tested on an Apple silicon M1 laptop and an AMD x86_64 desktop tower. Fixes: #35026
* | logind-session: be more specific about session_kill() errors, plus minor fixes for sd_bus_error handling (#35150) [Yu Watanabe, 2024-11-14, files: 6, lines: -11/+13]
|\ \
| * | logind-session: be more specific about session_kill() errors [Mike Yuan, 2024-11-13, files: 3, lines: -5/+9]
| | |   When kill_whom == _ALL, there can be two cases that lead to ESRCH: the session expects no scope at all or the scope is not active. Let's distinguish the two cases.
| * | portable: do not use SYNTHETIC_ERRNO for sd_bus_error_set_errno() [Mike Yuan, 2024-11-13, files: 1, lines: -2/+2]
| | |   The concept of synthetic errnos is about logging, which is irrelevant irt bus error and we don't do any special treatment in sd-bus for them, meaning the value propagated would be spurious.
| * | sd-bus/bus-common-errors: reorder one pid1 error to group with others [Mike Yuan, 2024-11-13, files: 2, lines: -4/+2]
| |/
* | network: rename KeepConfiguration=dhcp -> dynamic [Yu Watanabe, 2024-11-14, files: 9, lines: -41/+79]
| |   KeepConfiguration=dhcp keeps not only DHCP configurations but also SLAAC or IPV4LL. Let's rename the value to 'dynamic'.
* | network/ipv4ll: use a foreign IPv4LL address when KeepConfiguration=dhcp [Yu Watanabe, 2024-11-14, files: 1, lines: -0/+23]
| |   This is similar to what we do for DHCPv4 address, but for IPv4LL address.
* | network: keep all dynamically acquired configurations when KeepConfiguration=dhcp-on-stop [Yu Watanabe, 2024-11-14, files: 1, lines: -18/+18]
| |   By the previous commit, configuration source of addresses and routes are saved on stop and restored on start. Hence, we can keep dynamic configurations on stop. Co-authored-by: Jian Zhang <zhangjian.3032@bytedance.com>
* | network: introduce manager_serialize()/deserialize() [Yu Watanabe, 2024-11-14, files: 8, lines: -68/+554]
|/
|   Currently, only configuration sources and providers of addresses and routes are serialized/deserialized. This should mostly not change behavior, as dynamic (except for DHCPv4) configurations will be dropped before stopping networkd, and for DHCPv4 protocol, we have already had another logic to handle DHCPv4 configurations. Preparation for later commits.
* namespace-util: pin pid via pidfd during namespace_open() [Lennart Poettering, 2024-11-13, files: 1, lines: -4/+6]
|
* network/ndisc: fix removal of unnecessary routes (#35128) [Luca Boccassi, 2024-11-13, files: 3, lines: -30/+76]
|\
| |   Follow-up for 972f1d17ab461a51142a142609dd3ec50bae8440. This fixes the logic of removing unnecessary routes configured by the previously received RAs. Previously, we wrongly handled existing routes could be updated, and unexpected routes would be kept.
| * network/ndisc: restore the original preference and priority before checking if existing route can be updated [Yu Watanabe, 2024-11-12, files: 1, lines: -0/+9]
| |   Follow-up for 972f1d17ab461a51142a142609dd3ec50bae8440. This fixes the logic of removing unnecessary routes configured by the previously received RAs. Previously, we wrongly handled existing routes could be updated, and unexpected routes would be kept.
| * network/ndisc: introduce ndisc_route_prepare() and ndisc_router_route_prepare() [Yu Watanabe, 2024-11-12, files: 1, lines: -16/+46]
| |   These apply common parameters to the route to be requested or removed. No functional change, just refactoring and preparation for later commits.
| * network/ndisc: several cleanups for ndisc_remove_route() [Yu Watanabe, 2024-11-12, files: 1, lines: -10/+4]
| |   - drop unnecessary call of ndisc_set_route_priority() at the beginning, as it is called later in the loop below,
| |   - use RET_GATHER() and remove all possible routes even if failed.
| * network/ndisc: introduce route_is_bound_to_link() helper function and use it where applicable [Yu Watanabe, 2024-11-12, files: 3, lines: -4/+17]
| |   No functional change, and preparation for later commits.
* | sd-boot/sd-stub: two log message fixes (#35143) [Yu Watanabe, 2024-11-13, files: 3, lines: -5/+8]
|\ \
| | |   Fixes: #35033 Fixes: #35100
| * | pe: use PE_SECTION_VECTOR_IS_SET() macro where appropriate [Lennart Poettering, 2024-11-12, files: 1, lines: -2/+2]
| | |
| * | pe: remove unnecessary log message about DT/HWID [Lennart Poettering, 2024-11-12, files: 1, lines: -2/+1]
| | |   Fixes: #35100
| * | efi: don't log if EFI RNG isn't ready [Lennart Poettering, 2024-11-12, files: 2, lines: -1/+5]
| | |   Apparently this happens IRL on some systems, let's handle this gracefully and don't log. Fixes: #35033
* | | audit-util: return -ENODATA from audit_{session|loginuid}_from_pid() if invoked in a container (#35072) [Yu Watanabe, 2024-11-13, files: 9, lines: -63/+132]
|\ \ \
| | | |   The auditing subsystem is still not virtualized for containers, hence the two values don't really make sense inside them, they will just leak information from outside into the container. Hence don't make use of the data if we detect we are run inside of a container. This has visible effects: logind will no longer try to reuse the auditing session ids as its own session ids when run inside a container. While we are at it, modernize the calls in more ways:
| | | |   1. switch to pidref behaviour, all but one of our uses are using pidref anyway already.
| | | |   2. use read_virtual_file() + proc_mounted()
| | | |   3. reasonably distinguish ENOENT errors when reading the process proc files: distinguish the case where /proc is not mounted, from the case where the process is already gone, from where auditing is not enabled in the kernel build.
| * | | process-util: more gracefully handle oom adjust parsing/setting [Lennart Poettering, 2024-11-12, files: 1, lines: -2/+10]
| | | |   Who knows what kind of mount shenanigans people employ, let's gracefully handle parse failures of proc files, like we always do otherwise.
| * | | audit-util: modernize use_audit() a bit [Lennart Poettering, 2024-11-12, files: 1, lines: -27/+26]
| | | |   Use ERRNO_IS_xyz() macros where appropriate. Also, reduce indentation a bit by inverted early check. And log in more error codepaths.
| * | | audit-util: return -ENODATA from audit_{session|loginuid}_from_pid() if invoked in a container [Lennart Poettering, 2024-11-12, files: 8, lines: -34/+96]
| | | |   The auditing subsystem is still not virtualized for containers, hence the two values don't really make sense inside them, they will just leak information from outside into the container. Hence don't make use of the data if we detect we are run inside of a container. This has visible effects: logind will no longer try to reuse the auditing session ids as its own session ids when run inside a container. While we are at it, modernize the calls in more ways:
| | | |   1. switch to pidref behaviour, all but one of our uses are using pidref anyway already.
| | | |   2. use read_virtual_file() + proc_mounted()
| | | |   3. reasonably distinguish ENOENT errors when reading the process proc files: distinguish the case where /proc is not mounted, from the case where the process is already gone, from where auditing is not enabled in the kernel build.
* | | | ptyfwd: ellipsize overly long window titles [Lennart Poettering, 2024-11-13, files: 1, lines: -4/+20]
| | | |   Apparently some terminal emulators have problems with overly long titles, hence truncate them at some safe length (128). Also, when parsing ANSI sequences ourselves accept longer sequences (192), after all we should be fine when parsing our own title sequences. Fixes: #35104
* | | | various: check meson feature flag early [Mike Yuan, 2024-11-13, files: 20, lines: -132/+149]
| |/ /
|/| |
| | |   Prompted by https://github.com/systemd/systemd/pull/35110#discussion_r1835885340
* | | run0: when changing privileges to non-root, do not show superhero emoji [Lennart Poettering, 2024-11-12, files: 4, lines: -2/+6]
| | |   Let's show an idcard logo instead, to indicate that we changed ids.
* | | dbus-manager: add missing word 'unit' to PK message [Lennart Poettering, 2024-11-12, files: 1, lines: -1/+1]
| | |
* | | nspawn: fix indentation of run_container() parameter list [Lennart Poettering, 2024-11-12, files: 1, lines: -9/+9]
| | |
* | | mntwork: shorten code [Lennart Poettering, 2024-11-12, files: 1, lines: -5/+1]
| | |
* | | dissect-image: remove dead code [Lennart Poettering, 2024-11-12, files: 1, lines: -4/+0]
| | |
* | | mountfsd: drop unused variable [Lennart Poettering, 2024-11-12, files: 1, lines: -5/+0]
|/ /
* / sbsign: remove unused --no-pager option [Antonio Alvarez Feijoo, 2024-11-12, files: 1, lines: -8/+0]
|/
* network: forget IPv4 non-local routes when an interface went down (#35099) [Yu Watanabe, 2024-11-11, files: 5, lines: -23/+111]
|\
| |   Fixes #35047.
| * network/nexthop: also forget IPv4 nexthops when an interface went down [Yu Watanabe, 2024-11-11, files: 3, lines: -0/+57]
| |   Similar to the previous commit, but for nexthop.
| * network/route: forget IPv4 non-local routes when an interface went down [Yu Watanabe, 2024-11-11, files: 3, lines: -0/+35]
| |   When an interface went down, IPv4 non-local routes are removed by the kernel without any notifications. Let's forget the routes in that case. Fixes #35047.
| * network/nexthop: forget dependent routes without trying to remove [Yu Watanabe, 2024-11-11, files: 3, lines: -12/+16]
| |   When a nexthop is removed, routes that depend on the removed nexthop are already removed. It is not necessary to remove them, as already commented. Let's forget them without trying to remove.
| * network/nexthop: do not remove depending nexthops when a nexthop is removed [Yu Watanabe, 2024-11-11, files: 1, lines: -13/+3]
| |   Previously, when a nexthop is removed, depending nexthops were removed, but that's not necessary, as the kernel keeps them, at least with v6.11.
| * network/route: update reference of the route from nexthop [Yu Watanabe, 2024-11-11, files: 1, lines: -0/+2]
| |   Follow-up for 6f09031e4d04727cc72164fefcbc763e37556493. The function has been introduced by the commit, but it has never been used...
* | Introduce systemd-keyutil to do various key/certificate operations (#35095) [Lennart Poettering, 2024-11-11, files: 5, lines: -149/+310]
|\ \
| |/
|/|
| |   Let's gather generic key/certificate operations in a new tool systemd-keyutil instead of spreading them across various special purpose tools. Fixes #35087